package com.effectiv.panchoo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable()		
	      .authorizeRequests()
	        .antMatchers("/signup","/about","login","/user/**").permitAll() 
	        .antMatchers("/webjars/**").permitAll() 
	        .antMatchers("/**.html").hasAnyRole("USER") // #6
	        .anyRequest().authenticated() // 7
	        .and()
	    .formLogin()
	    	.loginPage("/signin")
	        .loginProcessingUrl("/authenticate.html")
	        .defaultSuccessUrl("/home")
	        .failureUrl("/singinfail?error")
	        .usernameParameter("username")
	        .passwordParameter("password")
	        .permitAll(); // #5
            
          
            
    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .inMemoryAuthentication()
                            .withUser("fabrice").password("fab123").roles("USER")
                            .and().withUser("dhrubo").password("fab123").roles("USER")
                            .and().withUser("john").password("fab123").roles("USER")
                            ;
    }
}
